1
22
23 package com.liferay.portal.security.jaas.ext;
24
25 import com.liferay.portal.kernel.log.Log;
26 import com.liferay.portal.kernel.log.LogFactoryUtil;
27 import com.liferay.portal.kernel.security.jaas.PortalPrincipal;
28 import com.liferay.portal.kernel.util.GetterUtil;
29 import com.liferay.portal.kernel.util.StringPool;
30 import com.liferay.portal.service.UserLocalServiceUtil;
31
32 import java.io.IOException;
33
34 import java.security.Principal;
35
36 import java.util.Map;
37
38 import javax.security.auth.Subject;
39 import javax.security.auth.callback.Callback;
40 import javax.security.auth.callback.CallbackHandler;
41 import javax.security.auth.callback.NameCallback;
42 import javax.security.auth.callback.PasswordCallback;
43 import javax.security.auth.callback.UnsupportedCallbackException;
44 import javax.security.auth.login.LoginException;
45 import javax.security.auth.spi.LoginModule;
46
47
52 public class BasicLoginModule implements LoginModule {
53
54 public boolean abort() {
55 return true;
56 }
57
58 public boolean commit() {
59 if (getPrincipal() != null) {
60 getSubject().getPrincipals().add(getPrincipal());
61
62 return true;
63 }
64 else {
65 return false;
66 }
67 }
68
69 public void initialize(
70 Subject subject, CallbackHandler callbackHandler,
71 Map<String, ?> sharedState, Map<String, ?> options) {
72
73 _subject = subject;
74 _callbackHandler = callbackHandler;
75 }
76
77 public boolean login() throws LoginException {
78 String[] credentials = null;
79
80 try {
81 credentials = authenticate();
82 }
83 catch (Exception e) {
84 _log.error(e.getMessage());
85
86 throw new LoginException();
87 }
88
89 if ((credentials != null) && (credentials.length == 2)) {
90 setPrincipal(getPortalPrincipal(credentials[0]));
91 setPassword(credentials[1]);
92
93 return true;
94 }
95 else {
96 throw new LoginException();
97 }
98 }
99
100 public boolean logout() {
101 getSubject().getPrincipals().clear();
102
103 return true;
104 }
105
106 protected Subject getSubject() {
107 return _subject;
108 }
109
110 protected Principal getPrincipal() {
111 return _principal;
112 }
113
114 protected void setPrincipal(Principal principal) {
115 _principal = principal;
116 }
117
118 protected Principal getPortalPrincipal(String name) {
119 return new PortalPrincipal(name);
120 }
121
122 protected String getPassword() {
123 return _password;
124 }
125
126 protected void setPassword(String password) {
127 _password = password;
128 }
129
130 protected String[] authenticate()
131 throws IOException, UnsupportedCallbackException {
132
133 NameCallback nameCallback = new NameCallback("name: ");
134 PasswordCallback passwordCallback =
135 new PasswordCallback("password: ", false);
136
137 _callbackHandler.handle(
138 new Callback[] {
139 nameCallback, passwordCallback
140 });
141
142 String name = nameCallback.getName();
143
144 String password = null;
145 char[] passwordChar = passwordCallback.getPassword();
146
147 if (passwordChar != null) {
148 password = new String(passwordChar);
149 }
150
151 if (name == null) {
152 return new String[] {StringPool.BLANK, StringPool.BLANK};
153 }
154
155 try {
156 long userId = GetterUtil.getLong(name);
157
158 if (UserLocalServiceUtil.authenticateForJAAS(userId, password)) {
159 return new String[] {name, password};
160 }
161 }
162 catch (Exception e) {
163 _log.error(e, e);
164 }
165
166 return null;
167 }
168
169 private static Log _log = LogFactoryUtil.getLog(BasicLoginModule.class);
170
171 private Subject _subject;
172 private CallbackHandler _callbackHandler;
173 private Principal _principal;
174 private String _password;
175
176 }